First Last Prev Next    This bug is not in your last search results.
Bug 478327 - radvd needs an SELinux rule
radvd needs an SELinux rule
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
9
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-28 03:04 EST by Allen Kistler
Modified: 2009-01-15 10:43 EST (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.3.1-117.fc9.noarch
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-15 10:43:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Allen Kistler 2008-12-28 03:04:23 EST 
Description of problem:
AVC denials appear in audit.log when radvd starts.

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-116.fc9.noarch
selinux-policy-targeted-3.3.1-116.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. start radvd
2. look in audit.log
  
Actual results:
28 messages logged to audit.log that look like
type=AVC msg=audit(1230449705.134:2914): avc:  denied  { net_admin } for  pid=21
290 comm="radvd" capability=12 scontext=unconfined_u:system_r:radvd_t:s0 tcontex
t=unconfined_u:system_r:radvd_t:s0 tclass=capability

Expected results:
No AVC denials

Additional info:
I've only started using radvd, so I'm not certain what functionality is getting blocked.  Nevertheless, I generated and installed the following policy with audit2allow.

require {
        type radvd_t;
        class capability net_admin;
}
require {
        type radvd_t;
        class capability net_admin;
}

#============= radvd_t ==============
allow radvd_t self:capability net_admin;
Comment 1 Miroslav Grepl 2009-01-05 07:48:12 EST 
Fixed in selinux-policy-3.3.1-117.fc9.noarch
Comment 2 Allen Kistler 2009-01-08 19:37:27 EST 
Fix verified.  I'll close the bug when 117 (or later) goes to updates for F9.
Comment 3 Allen Kistler 2009-01-15 10:43:11 EST 
selinux-policy-3.3.1-117.fc9.noarch is in updates.  Closing.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.